prd-generator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script `scripts/generate_prd.sh` is vulnerable to arbitrary command execution through the unsafe use of `eval`.
  - Evidence: The `prompt_input` function in `scripts/generate_prd.sh` uses `eval "$var_name='$input'"` to assign values to variables. An attacker providing input containing shell metacharacters (e.g., `'; touch /tmp/pwned; #`) can execute arbitrary commands with the privileges of the user running the script.
- [COMMAND_EXECUTION] (MEDIUM): The script `scripts/generate_prd.sh` allows for potential arbitrary file writes due to lack of path sanitization.
  - Evidence: The `OUTPUT_FILE` variable is constructed directly from the user-provided `PRODUCT_NAME` using `${PRODUCT_NAME// /_}_prd.md`. An attacker can use path traversal sequences (e.g., `../../../tmp/evil`) in the product name to write files outside of the intended directory.
- [INDIRECT_PROMPT_INJECTION] (LOW): The validation script `scripts/validate_prd.sh` provides a surface for indirect prompt injection by processing potentially untrusted PRD files.
  - Ingestion points: `scripts/validate_prd.sh` reads and parses the file provided in the first argument (`$PRD_FILE`).
  - Boundary markers: None. The script performs raw `grep` operations on the file content.
  - Capability inventory: The script uses `grep` and `wc` to analyze the file and prints the results to stdout, which may be consumed by an AI agent.
  - Sanitization: No sanitization or validation of the input file's content is performed before analysis.
- [DATA_EXPOSURE] (LOW): The script `scripts/generate_prd.sh` automatically includes system information in the generated document.
  - Evidence: The script executes `whoami` and `date` to populate the 'Author' and 'Date' fields in the PRD template, exposing the current username and system time.
Recommendations
- AI detected serious security threats
Audit Metadata